From

Thank you

Sorry

The recently released System Center Configuration Manager (SCCM) 2012 has received rave reviews for its ease-of-use and extensive management feature set. But you may have missed the fact that Microsoft has slipped Endpoint Protection (formerly called Forefront Endpoint Protection) into the product as a paid add-on. Endpoint Protection is an antimalware product, plain and simple. Its integration with SCCM 2012 makes a great deal of sense, given SCCM's role in deploying and updating software.

Too bad the client licensing plans for Endpoint Protection on Windows Server are so wildly confusing. At first glance, it appears you have to pay quite a bit more for smaller environments -- those with one or two servers -- than you would in larger environments. Upon further research, it turns out you can purchase Endpoint Protection for stand-alone server systems or as part of various licensing options under a Core Client Access License (CAL), Enterprise CAL, or other Microsoft CAL plan.

If you can figure out the licensing options, the addition of Endpoint Protection to System Center Configuration Manager 2012 brings along some very nice features. For example, you can create antimalware policies configured for groups of systems; these policies can run scans on custom schedules. You can also configure real-time settings, exclusion settings, and advanced settings, such as creating a system restore point before computers are cleaned.

The available policy settings also let you alter the type and order for update sources such as Configuration Manager, Windows Server Update Services (WSUS), Windows Update, Microsoft Malware Protection Center, and Windows Universal Naming Convention (UNC) file shares. Additionally, you can set the firewall settings for clients. When specifying the installation of the endpoint client, you can remove previously installed antimalware software, including previous versions of Endpoint Protection.

By using System Center Configuration Manager for managing Endpoint Protection, it's easier to keep your information on deployments in one place, as well as to monitor overall endpoint protection client status and malware remediation status for your systems from the SCCM dashboard you're using for overall administration every day. You can also select a client in the SCCM dashboard and immediately initiate a quick or full scan, as well as download the latest definitions, if you don't want to wait for the policy to do it.

J. Peter Bruzzese is a five-time-awarded Microsoft MVP (current technical expertise Office 365, previous four years Exchange). He is a technical speaker and author with more than a dozen books sold internationally. He's the cofounder of ClipTraining, the creator of ConversationalGeek.com, instructor on Exchange/Office 365 video content for Pluralsight, and a consultant for a variety of companies.